Your Security & Privacy
QMC Metering Solutions (“QMC”) exists to provide intelligent advanced metering solutions while respecting our customer’s privacy expectations. At QMC, we are dedicated to protecting your privacy and safeguarding the personal information you have entrusted to us.
By “personal information” we mean information about an identifiable individual. That’s what this policy is about – our collection, protection, use, disclosure, retention, and other processing of personal information and your rights relating to these activities.
- Identifying purposes
- Limiting collection
- Limiting use, disclosure, and retention
- Individual access
- Challenging compliance
Accountability & Challenging Compliance
QMC has named a Privacy Officer who is responsible for privacy at QMC. This includes our policies and procedures that are designed to keep your information safe. If you have any questions about our privacy practices or this policy, you can contact us at:
1105 – 573 Sherling Place, Port Coquitlam, BC
Email: [email protected]
If you’re not satisfied with our response, you have the option of contacting the Office of the Privacy Commissioner of British Columbia:
Office of the Information and Privacy Commissioner for British Columbia 4th Floor, 947 Fort Street
QMC may collect, use, store, or disclose your personal information for the purposes described below. In order to provide you with services, which includes the following:
- We collect information directly from you but may also collect information from third parties when you connect your QMC account to them. These integrations may pull data into or share data out of QMC. In some cases, we use a service provider to connect you to a third-party service
- We may also collect your name and email address from third parties when you sign up and login to our site using single sign-on (SSO)
- When you connect your QMC account with a third-party service, their terms and policies apply
- To promote or offer your products or services, and to determine your eligibility for new services we may offer from time to time
- To contact you for the purposes of service updates and system and account notifications
- To provide you with support in connection with the services
- To comply with any laws, regulation, court orders, warrants, inquiries, subpoenas or other legal processes or investigations, and to protect ourselves, other individuals, or property from harm.
We will never sell your personal information to other companies.
QMC takes a consent-based approach to the collection, use, and disclosure of personal information.
Submitting the Personal Information of Others
If you submit the personal information of your customers or employees to us, you are responsible for informing such customers and employees about QMC, and for obtaining any necessary consent or authority from them.
Closing Your QMC Account
At any time, and without penalty, QMC users can withdraw their consent to the continued use or disclosure of their personal information by closing their QMC account. Please ensure that you complete the account closure process which includes a confirmation email. Otherwise, your account may not be closed.
Email & Communications Consent
QMC only collects the personal information necessary to provide our services to you. The services you use will determine which information QMC collects. We’ll also provide you with the option of sharing additional information to enhance your QMC experience.
QMC may also use third-party services to supplement or enrich our understanding of our customers. This includes cross-referencing information like a name, business name, email address, or IP address in third- party databases, and using the information there to improve our understanding of you and your business.
QMC is not intended for children and we do not knowingly or intentionally collect information about individuals under the age of thirteen (13).
Where required, business partners may have access to information in your QMC account, including personal information, and may perform various tasks on your behalf. You take full responsibility for any collection, use, or disclosure of your personal information by our business partners.
Limiting Use, Disclosure, & Retention
We will use your personal information as described in this policy and we will share your personal information with third parties only as described in this policy.
We will retain your information for the period necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law or regulation. To be clear, that means that we’ll retain your personal information while you have an active account, and afterward if we need to do so to meet our legal obligations. If you choose to close your QMC account, we will destroy your personal information in accordance with our data retention policies.
QMC relies on you to provide us with information that is accurate and complete. We provide you the mechanisms and rely on you to keep your information up to date. You can request updates or corrections of any inaccuracies in your personal information at any time by contacting us at the contact information listed in the policy. We will respond to your request within a reasonable timeframe.
QMC uses a combination of reasonable and appropriate safeguards designed to protect your information. These safeguards are administrative controls (things like policies, procedures, and training), technical controls (things like encryption, firewalls, and secure coding frameworks), and physical controls (secured hosting environments).
We ensure that any third party acting on our behalf maintains reasonable and appropriate safeguards in respect of your personal information. Additional information about our third parties’ privacy practices is available upon request.
If you have questions about security on our site, you can contact us at [email protected].
You are also responsible for helping to protect the security of your personal information. For instance, never give out your email account information or your password for the services to third parties. Our team will never request your password or PIN, and we ask that you never post account or credit card numbers to our support channels.
This policy outlines our privacy practices. If you have questions about it, please contact our Privacy Officer. This policy is available publicly at https://qmeters.com/privacy.
You may access, update, and correct your personal information that’s in our custody or control at any time, subject to limited exceptions prescribed law. You can download or export data you input into the site at any time. Or, to correct inaccuracies, simply login to your account and make the necessary changes.
You can also request access, corrections, or updates to all of your personal information, including information that’s not available through your account, by contacting us as set out in the Challenging Compliance section of this document. We may request certain personal information for the purpose of verifying the identity of the individual seeking access to their personal information records.
Public Content and Social Media
From time to time QMC may have public forums and blogs. Any information submitted there may be read and collected by anyone.
You may request removal of personal information from forum or blog posts and comments by contacting us at [email protected]
If you provide us with a testimonial, with your consent, we may post it on our site or in other materials and media, along with your name. If you want your testimonial removed, please contact us at [email protected]
We may transfer (or otherwise make available) your personal information to third parties who provide services on our behalf. For example, we may use service providers to host our website and to process payments. Your personal information may be maintained and processed by these third parties in other
jurisdictions, like the U.S. When your information is in another jurisdiction, it will be subject to their laws. We only share the information that these service providers need to do their job and we don’t authorize them for any other use or disclosure of personal information.
We may use service providers to verify bank account information you provide to us in providing our services to you.
We may also use services provided by third-party platforms (such as social networking sites) to serve targeted ads on such platforms to you or others, and we may provide a hashed version of your email address or other information to the platform provider for such purposes. To opt-out of the sharing of your information with such platforms, please send an email to [email protected]
Visiting the Site & Using the Mobile Apps
In general, you can visit the site without telling us who you are or submitting any personal information. However, we and/or our service providers (such as Google Analytics) collect information such as how often users visit the websites, what pages they visit, and what other sites they used prior to visiting. The data collected is used to track and examine the use of the website and to prepare reports on its activities. We may use the data collected on the websites to contextualize and personalize the ads.
Cookies, Tags, & Web Beacons
Technologies such as cookies, web beacons, tags, and scripts may be used by QMC, our advertising and analytics service providers (such as Google analytics), and affiliates to analyze usage trends, administer the site, and to gather demographic information about our user base.
PCI-DSS compliant: QMC is a Level 1 PCI-DSS compliant. This means that every year we have a third-party audit to validate our practices and make sure that we’re doing the right things for our customers.
Secure data transmission: When you load a page in your browser, or upload something to QMC, all of that information is encrypted while it’s moving over the internet. We lock up your data with up to 256-bit TLS encryption, the strength of protection you get with online banking and shopping. We also support a
wide variety of cyphers — another kind of code — for our communications, to ensure the highest level of encryption possible based on your browser.
Tokenization: QMC doesn’t store credit card numbers. Credit card information is sent directly from your browser to our payment processor, and QMC receives a secure token back. This token is a code that authorizes QMC to complete the activity securely and efficiently without storing or exposing your credit card information.
Secure data storage: Your data is stored on servers that have strict physical access protocols. The facilities are controlled with 24/7 monitoring and the technology is digitally protected.
Security testing: QMC uses many layers of security testing. We test our systems internally. We also bring in third-party security firms to perform vulnerability assessments and penetration tests against our systems.
Passwords are encrypted when they’re sent to our servers. We never store them without encrypting them first. In fact, all communications between our apps and our servers are encrypted using Transport Layer Security (TLS) (the replacement for Secure Sockets Layer (SSL)) the highest level of security protocols available. Beyond that, we don’t store any sensitive information, such as credit card numbers, on the device.
QMC has an internal risk system that uses a wide variety of tools and insights to protect our customers from fraud. We take a layered approach to risk detection for the highest level of protection and we monitor high risk and out-of-pattern behaviour to keep our platform safe.
Do you have additional questions about the security of QMC? Please contact us. We’d be happy to tell you more about the steps we take to ensure the security of your information.
QMC & General Data Protection Regulation (Gdpr), California Consumer Privacy Act (CCPA)
QMC’s internal policies are aligned with the objectives of GDPR and the CCPA. For example, under GDPR:
- QMC’s internal policies are aligned with the objectives of GDPR and the CCPA. For example, under GDPR:
You Have A Right To Close Your Account And Have Personally Identifiable Information Deleted.
- You can close your QMC account, and when you do, we delete personally identifiable
You Have A Right To Take Your Data With You.
- You own all of your data and you can export or request data files at any
You Have A Right To Turn Off Direct Marketing Messages.
- We respect your email preferences and make it easy for you to opt
Companies Must Provide A ‘Reasonable’ Level Of Protection For Personal Data.
- As a company that handles financial information, including credit card transactions, QMC only uses data centers in secure facilities that meet the industry. We are working to meet GDPR and CCPA requirements and will keep you informed as we implement additional functionality to support your privacy rights. Effective Date: 07/30/2021 10:33 AM
QMC Information Security Policy Overview
QMC has a duty and responsibility to protect the information under its custody and control. Being able to access complete and accurate information is vital to QMC ’s ability to operate efficiently and successfully provide products and services to customers.
QMC also collects, stores, uses, and discloses confidential and personal information on private individuals, employees, partners, and suppliers and its own operations. QMC has a duty to safeguard such information when processing it.
This Information Security Policy (the “Policy”) outlines a principles-based strategy for QMC to provide service, protect corporate assets, and manage change. Together, the principles and this Policy provide the basis for organizational priorities, strategies, and actions. The Policy is a living document and will continue to be updated and improved as the security landscape evolves and QMC provides operational feedback on implementation.
This Policy generally aligns with the information security management systems standards published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (EC) as set forth in ISO 27001 and 27002. Implementing this Policy will, therefore, support QMC’s intention to comply with various aspects of these international data security standards.
The Information Security Committee has developed a set of Information Security Guiding Principles that align with and support QMC’s stated purpose: “QMC is a leading provider of end-to-end submetering solutions and data management for large institutions and commercial, multi- residential properties.”
The purpose of this Policy is to:
- Protect QMC ’s information against loss or theft, unauthorized access, disclosure, copying, use, modification, or destruction (each an “Information Security Incident”)
- Describe and clarify roles and responsibilities in respect of the creation, collection, use, storage, disclosure, and destruction of information
- Strengthen QMC ’s business continuity if information is compromised or lost
- Enhance QMC ’s compliance with applicable laws, regulations, and contractual obligations
- Ensure that QMC ’s procedures and processes prioritize the protection of the following aspects of information:
- Confidentiality –information is accessible only to authorized individuals
- Integrity – ensure the accuracy and completeness of information
- Availability –authorized users have access to all relevant information when required
This Policy establishes the framework for the management of information security within QMC.
This Policy and the procedures, processes, and other measures connected to it apply to all directors, officers, and employees of QMC, as well as third-party contractors and agents of QMC that have access to QMC ’s information or information systems (collectively known as “individual users”).
This Policy applies to all forms of information created, communicated, collected, used, stored, and disclosed in connection with QMC ’s operations, including:
- Documents, records, and other information in hard-copy or electronic form
- Documents, records, and other information transmitted by post, courier, fax, electronic mail, text messages, and other means
- Information stored in QMC servers, computers, laptops, mobile phones, and other information systems
- Information stored on any type of removable media, including memory sticks, digital cameras, discs, and other means.
This Policy is based on ISO 27002 and structured around the 11 main security category areas set forth therein. This Policy is supported and implemented by various controls intended to protect QMC’s information, including those set forth in standards, processes, procedures, and other measures (see below):
- Policies and standards define the processes
- Processes are operationalized through procedures
- Procedures are supported by tools and training
- Guidance documents provide operational advice
A failure to adhere to this Policy and the procedures and processes implemented therein may put
information at risk of an Information Security Incident. Information Security Incidents can result in a range of negative consequences, including damage to QMC’s brand, economic loss, non-compliance with legislative requirements, and liability to QMC and third parties.
An Information Security Incident could occur at any point in the life cycle of the affected information (i.e., at its creation, collection, use, processing, storage, disclosure, deletion, or destruction).
QMC will, therefore, regularly undertake risk assessments to identify, quantify, and prioritize risks associated with its information, and subsequently develop controls to mitigate such risks. QMC will undertake risk assessments using a consistent and systematic approach.
This Policy sets out QMC ’s approach to managing information security. This Policy is approved by management and is communicated to it’s Board of Directors, all employees of QMC, contractual third parties, and agents of QMC. The security requirements for QMC will be reviewed, at least annually, by the Executive Team and the head of the IT Security Provider. Any changes to the Policy shall first be approved by the Committee.
Organization of Information Security
The Executive Team or delegate will review and make recommendations on the security policy, policy standards, procedures, incident management, and security awareness education.
QMC shall incorporate all applicable statutory, regulatory, and contractual requirements in this Policy, as well as its information security processes and procedures. QMC will also work to adhere to the ISO 27002 standards (the International Standards for Information Security) by:
⁻ Issuing guidance on what constitutes an Information Security Incident
⁻ Implementing processes and procedures that require all known or reasonably suspected Information Security Incidents to be reported and recorded
⁻ Security Incidents and vulnerabilities to QMC ’s information security systems to be reported to the IT Security Provider and subsequently investigated
⁻ Producing, maintaining, and testing business continuity plans
⁻ Preparing and administering information security education and training to all individual users as appropriate
⁻ Ensuring that individual users only have access to and use QMC’s information as required for
⁻ legitimate business purposes
⁻ Obtaining specialist external advice where necessary to maintain this Policy and any processes and procedures hereunder to address new and emerging threats and standards
⁻ The requirements of this Policy shall be reflected in QMC ’s processes, procedures and contractual arrangements
The controls listed under ISO 27002 can be grouped into the following categories:
⁻ Organizational controls: controls involving management, and the organization in general, and controls that reflect legal and regulatory obligations
⁻ Technical controls: controls involving or relating to technologies, IT
⁻ People controls: controls involving or relating to behaviors, activities, roles, and responsibilities of staff
⁻ Physical controls: tangible controls such as locks, and other environmental protection such as fire and intruder alarms
⁻ External party controls: controls involving or relating to parties outside QMC (e.g., service providers, vendors, third parties, contracted cloud services, etc.)